[FUG-BR] Error on LDAP startup
Giancarlo Rubio
gianrubio at gmail.com
Tue Jun 17 16:24:18 BRT 2008
The problem is not in winbind; winbind is used to make a
*nix server join an AD domain.
I would keep an eye on the error in messages:
sql_select option missing &
auxpropfunc error no mechanism available
Another thing to check is whether the host uri
ldap://cegonha.cpaa.embrapa.br/ points to the machine that runs ldap.
2008/6/17 ThOLOko <tholoko at gmail.com>:
>
> change it to:
>
> /etc/nsswitch.conf
> #group: compat
> group: files ldap winbind
> group_compat: nis
> hosts: files dns
> networks: files
> #passwd: compat
> passwd: files ldap winbind
> shadow: files ldap winbind
> passwd_compat: nis
> shells: files
>
> I don't know, but after a certain version of samba you need to add winbind
> for it to "talk" to ldap + samba.
>
> Regards!
>
> 2008/6/17 Jose Raimundo da S. Barbosa <jose.barbosa at cpaa.embrapa.br>:
>
> > Hi..
> >
> > it looks like this..
> >
> > /etc/nsswitch.conf
> > #group: compat
> > group: files ldap
> > group_compat: nis
> > hosts: files dns
> > networks: files
> > #passwd: compat
> > passwd: files ldap
> > passwd_compat: nis
> > shells: files
> >
> > > What does your /etc/nsswitch.conf look like?
> > >
> > >
> > >
> > > On Tue, Jun 17, 2008 at 3:34 PM, Jose Raimundo da S. Barbosa <
> > > jose.barbosa at cpaa.embrapa.br> wrote:
> > >
> > > >> hello colleagues, I just installed and configured an LDAP server.
> > > >> Everything seems to be working fine: I built the LDAP base, imported
> > > >> my user base into it, I am querying the base, etc. But now I am going
> > > >> to move on to the integration with SAMBA, postfix, etc. However,
> > > >> looking at my /var/log/messages I see the following messages at LDAP
> > > >> startup:
> > >>
> > >> Jun 17 13:22:00 ariranha slapd[9073]: nss_ldap: could not search LDAP
> > >> server - Server is unavailable
> > >> Jun 17 13:22:00 ariranha slapd[9073]: sql_select option missing
> > >> Jun 17 13:22:00 ariranha slapd[9073]: auxpropfunc error no mechanism
> > >> available
> > >>
> > > >> I ran a test... I stopped the server (/usr/local/etc/rc.d/slapd stop)
> > > >> and started it again... I noticed that from then on it takes about
> > > >> 30 seconds to come up... then I looked at the messages log again and
> > > >> the message above is in the file.
> > >>
> > > >> Any ideas?
> > > >>
> > > >> I just installed FreeBSD 7.0
> > >>
> > >> nss_ldap.conf
> > >> --------------
> > >> @(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
> > >> #
> > >> # This is the configuration file for the LDAP nameservice
> > >> # switch library and the LDAP PAM module.
> > >> #
> > >> # PADL Software
> > >> # http://www.padl.com
> > >> #
> > >>
> > >> host 127.0.0.1
> > >> base dc=cpaa,dc=embrapa,dc=br
> > >> uri ldap://cegonha.cpaa.embrapa.br/
> > >> ldap_version 3
> > >>
> > >>
> > >> slapd.conf
> > >> ------------
> > >> #
> > >> # See slapd.conf(5) for details on configuration options.
> > >> # This file should NOT be world readable.
> > >> #
> > >> include /usr/local/etc/openldap/schema/core.schema
> > >> include /usr/local/etc/openldap/schema/cosine.schema
> > >> include /usr/local/etc/openldap/schema/nis.schema
> > >> include /usr/local/etc/openldap/schema/inetorgperson.schema
> > >> include /usr/local/etc/openldap/schema/qmail.schema
> > >> include /usr/local/etc/openldap/schema/samba.schema
> > >>
> > > >> # Enabling TLS support
> > >> TLSCertificateFile /usr/local/etc/openldap/ssl/servercrt.pem
> > >> TLSCertificateKeyFile /usr/local/etc/openldap/ssl/serverkey.pem
> > >> TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem
> > >> #TLSCipherSuite HIGH:MEDIUM:+SSLv2
> > >>
> > >> # Define global ACLs to disable default read access.
> > >>
> > >> # Do not enable referrals until AFTER you have a working directory
> > >> # service AND an understanding of referrals.
> > >> #referral ldap://root.openldap.org
> > >>
> > >> pidfile /var/run/openldap/slapd.pid
> > >> argsfile /var/run/openldap/slapd.args
> > >>
> > >> # Load dynamic backend modules:
> > >> modulepath /usr/local/libexec/openldap
> > >> moduleload back_bdb
> > >> # moduleload back_ldap
> > >> # moduleload back_ldbm
> > >> # moduleload back_passwd
> > >> # moduleload back_shell
> > >>
> > >> access to attrs=userPassword,sambaLMPassword,sambaNTPassword
> > >> by dn="cn=root,dc=embrapa,dc=br" write
> > >> by anonymous auth
> > >> by self write
> > >> by * none
> > >>
> > >> access to attrs=uidNumber,gidNumber
> > >> by dn="cn=root,dc=embrapa,dc=br" write
> > >> by * read
> > >>
> > >> access to *
> > >> by dn="cn=root,dc=embrapa,dc=br" write
> > >> by self write
> > >> by * read
> > >>
> > >> database bdb
> > >> suffix "dc=embrapa,dc=br"
> > >> rootdn "cn=root,dc=embrapa,dc=br"
> > >>
> > >> rootpw secret
> > >> # The database directory MUST exist prior to running slapd AND
> > >> # should only be accessible by the slapd and slap tools.
> > >> # Mode 700 recommended.
> > >> directory /var/db/openldap-data
> > >> # Indices to maintain
> > >> index objectClass eq
> > >> index uid pres,eq,sub
> > >> index gidNumber eq
> > >> index uidNumber eq
> > >> index cn pres,eq,sub
> > >> index memberuid pres,eq,sub
> > >> index mail pres,eq,sub
> > >> index mailAlternateAddress pres,eq,sub
> > >> index sn pres,eq,sub
> > >> #index displayName pres,eq,sub
> > >> #index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
> > >> #index default sub
> > >>
> > >>
> > >>
> > >> -------------------------
> > > >> Archive: http://www.fug.com.br/historico/html/freebsd/
> > > >> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
> > >>
> > >
> > >
> > >
> > > --
> > > ThOLOko
> > > ThOmaz BeLgine
> > > > email: tholoko at gmail.com
> > > > msn: tholoko at hotmail.com
> > > -FrEEBSD-
> > > UniX TeaM
> > > BeFree => BeFreeBSD
> > > http://www.itexplorer.com.br
> > > -------------------------
> > > Histórico: http://www.fug.com.br/historico/html/freebsd/
> > > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
> > >
> >
> >
> > --
> > José Raimundo da S. Barbosa
> > Embrapa Amazonia Ocidental
> > Setor de Informação
> > Phone: (92) 3621-0350
> >
> >
>
>
>
> --
> ThOLOko
> ThOmaz BeLgine
> email: tholoko at gmail.com
> msn: tholoko at hotmail.com
> -FrEEBSD-
> UniX TeaM
> BeFree => BeFreeBSD
> http://www.itexplorer.com.br
--
Giancarlo Rubio
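
The check suggested in the reply above (does the uri in nss_ldap.conf point at the machine that runs slapd), as an added example that is not part of the thread. It goes one step further and also reports servers contacted without TLS. The function names are illustrative, the sample is the subset of nss_ldap.conf quoted in the thread, and only the `on` and `start_tls` values of the `ssl` directive are treated as encrypted.

```python
from urllib.parse import urlparse

# Constructed sample: the nss_ldap.conf settings quoted in the thread.
NSS_LDAP_CONF = """\
host 127.0.0.1
base dc=cpaa,dc=embrapa,dc=br
uri ldap://cegonha.cpaa.embrapa.br/
ldap_version 3
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse(conf_text):
    """Return (targets, ssl_mode); targets is [(directive, scheme, host)]."""
    targets, ssl_mode = [], "off"
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(parts) < 2:
            continue
        key, values = parts[0].lower(), parts[1:]
        if key == "host":  # host[:port], space separated
            targets += [("host", "ldap", v.split(":")[0].lower()) for v in values]
        elif key == "uri":
            for v in values:
                u = urlparse(v)
                targets.append(("uri", u.scheme.lower(), (u.hostname or "").lower()))
        elif key == "ssl":
            ssl_mode = values[0].lower()
    return targets, ssl_mode


def review(conf_text, local_names):
    """List servers that are not this machine and servers reached without TLS."""
    local = {n.lower() for n in local_names} | LOOPBACK
    targets, ssl_mode = parse(conf_text)
    findings = []
    for directive, scheme, host in targets:
        if host not in local:
            findings.append(f"{directive} {host}: not a name of this machine")
        encrypted = scheme == "ldaps" or ssl_mode in ("on", "start_tls")
        if not encrypted and host not in LOOPBACK:
            findings.append(f"{directive} {host}: non-loopback server, no TLS requested")
    return findings


if __name__ == "__main__":
    # 'ariranha' is the hostname that appears in the quoted syslog lines.
    for finding in review(NSS_LDAP_CONF, ["ariranha"]):
        print(finding)
```

On a live system, pass the machine's real host names and the contents of the installed nss_ldap.conf instead of the sample.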